Again I agree but why use unpatched anything? As the risk would be lower if either system was patched.
I think I am concerned more with the message to the end user more than anything (aka dont worry about patching is a quick fix and your good to go) On Wed, Oct 14, 2009 at 1:21 AM, Matt Lye <[email protected]> wrote: > Overall the risk is lower comparing unpatched Windows with unpatched Linux. > Typically as long as the live CD is a recent version I wouldn't see much > wrong about this method. > > -Matthew Lye > > You can do anything you set your mind to when you have vision, > determination, and and endless supply of expendable labor. > <No tree's were harmed during this transmission. However, a great number of > electrons were terribly inconvenienced> > > > > On Wed, Oct 14, 2009 at 12:55 PM, Keith Pawson <[email protected]>wrote: > >> Seems that a few people in the public arena have started spreading the >> word >> about using a Linux Boot CD is the most secure way to do Internet Banking >> now :-0 >> >> Not just one source either: >> >> http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-interne >> t-banking.aspx<http://www.itnews.com.au/News/157767,nsw-police-dont-use-windows-for-interne%0At-banking.aspx> >> http://blogs.zdnet.com/hardware/?p=5813&tag=nl.e589 >> http://blogs.techrepublic.com.com/security/?p=2492&tag=nl.e036 >> >> http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_b >> ank_on.html?wprss=securityfix<http://voices.washingtonpost.com/securityfix/2009/10/avoid_windows_malware_b%0Aank_on.html?wprss=securityfix> >> >> http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_d >> own_non.html?wprss=securityfix<http://voices.washingtonpost.com/securityfix/2009/10/e-banking_on_a_locked_d%0Aown_non.html?wprss=securityfix> >> >> http://sunbeltblog.blogspot.com/2009/10/erosion-of-trust-for-online-banking. >> html<http://sunbeltblog.blogspot.com/2009/10/erosion-of-trust-for-online-banking.%0Ahtml> >> >> Am I right in saying this is actually a bad thing? >> >> I've listened to Paul and the gang go on about using live CDs such as >> Backtrack and so forth is a bad thing due to components being out of date >> and vulnerable - use them in a test network for research and education. >> >> So imagine people doing this and not updating the live CD for say 6 months >> or never and suppose they leave the thing running for a week or even worse >> all the time. In addition this does not mitigate against DNS spoofing, >> browser XSS and so forth, right? >> >> What do you guys think about this latest trend and what do you think the >> risks really are with this scenario? >> >> Cheers >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
